Transaction device with noise signal encryption
A transaction device adds or injects a random noise component into signals representing (x,y) coordinate signals associated with user interface with an input screen associated with the device. The noise component can be generated by converting to analog the output of a random number generator, and then adding the noise component to the x-axis and/or y-axis component of the (x,y) coordinate signal. Alternatively, the noise component can be injected into the x-axis and/or y-axis operating potential for the input screen. The result is a masking of the original (x,y) positional information. The randomly generated number is only available internal to the device. The device can use this number to decrypt the true (x,y) signals, which signals can then be re-encrypted before transmitting from the device.
Priority is claimed from U.S. provisional patent application Ser. No. 60/363,034 filed by applicants herein on 7 Mar. 2002, entitled “Active Noise Injection and Secure Input Pad Partition”.
FIELD OF THE INVENTION
The invention relates generally to electronic transaction devices including point of sale (POS) devices, and more particularly to increasing the security of data encryption within such devices.
BACKGROUND OF THE INVENTION
In recent years, electronic transaction devices such as point of sale (POS) devices, ATMs, personal digital assistants (PDAs), personal computers (PCs), and bank system networks have found much use in commerce. Transactions involving such devices are carried out every day over media including the Internet, as well as through POS or bank system networks. Such transactions typically request from the customer-user private information such as a personal identification number (PIN), signature, password, or some other form of private identification. A merchant involved in the transaction uses such private information to verify authenticity of the user's identity, and to authorize the transaction.
Understandably, it is important that such private information be protected from access by unauthorized parties. Should such private information fall into the wrong hands, the user may be at risk for identity theft and for fraudulent transactions, perhaps involving the user's credit card information. The unauthorized party may utilize the user's private information to fraudulently perform transactions ostensibly on behalf of the unsuspecting user. Prior art systems are designed to try to maintain integrity of user private information when such information is transmitted or promulgated from the transaction device to a remote device. However, it is also important to adequately secure user private information within the transaction device itself. While various techniques have been developed to encrypt user private information within a transaction device, further protection for such data is needed.
What is needed is a method and mechanism by which private user information input to a transaction device can be better protected within the device. Preferably such protection should be greater than what is presently available using conventional encryption techniques.
The present invention provides such a method and mechanism to enhance security of user private information within a transaction device.
SUMMARY OF THE INVENTION
The present invention provides a transaction device with improved encryption to protect user private information data input to the transaction device. The transaction device preferably includes an input pad that may be part of the device display screen, whereon a user inputs information into the device. User input can be defined by (x,y) coordinate locations on the input pad. Internal to the transaction device, signals proportional to the coordinate locations are combined with randomly generated signals, which results in encryption of the original (x,y) coordinate locations. Knowledge of the randomly generated signals is limited solely to the device, which knowledge can allow the device to decrypt the encrypted coordinate signals before output transmission. If desired, security of user information can be enhanced by partitioning the device display screen such that the input pad is displayed in certain regions of the display, and user input to areas in these regions will be encrypted, according to the present invention.
Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrated by way of example of the principles of the invention.
In an exemplary embodiment, transaction device 10 includes a screen 20 that preferably can display information for the user and can also be used to receive information input by the user, for example a screen sensitive to at least one of touch, pressure, electrical charge, interruption of light, and heat resulting from user interface with the screen. Device 10 typically operates responsive to internal electronics 30, which electronics preferably includes electronics and/or software to encrypt data input by a user to device 10. In one embodiment, screen 20 is configured to both display information to the user and receive input from the user, for example using a stylus 40 (that may be a passive stylus), or even the user's finger. In the embodiment shown in
It is understood that the above description of device 10 is intended to be general, and in some devices separate screens for device display and for user input may be provided. In many applications, transaction device 10 can communicate with other device(s) or system(s) 50 via one or more communications paths 60 that may include hard wiring, wireless communications including, for example, use of infrared, radio frequency, microwave energies, cellular telephony systems, Bluetooth communications, and so forth.
Electronics 30 (which may include software and/or firmware) within device 10 encrypts at least user private data before transmission to remote system 50, for example using well known encryption algorithms such as DES, Triple DES, and the like. Device 10 preferably also uses a cipher key management scheme such as DUKPT, Master/Session, and the like to promote user data security. Such processes may be understood to be carried out by unit 30 within device 10. However unit 30 enhances encryption protection by combining the output from a random number generator within unit 30 with a signal representing the (x,y) location on the input screen or pad 20 of device 10. The randomly generated number is available only to device 10, which can use this information to decrypt the encrypted (x,y) positional information before output transmission.
In
In one embodiment, screen controller 100 is configured to receive information for display on screen 20 from processor 110, and to instruct display/input screen 20 to output the display information for user viewing. Screen controller 100 may modify the format of display information for the display/input screen 20.
Screen controller 100 preferably is also configured to receive input information from display/input screen 20, for example information input by user interaction with the screen itself. User information input via display/input screen 20 describes a particular location on the surface of the display/input screen, for example (x,y) coordinates. Screen controller 100 receives this input information from display/input screen 20 and uses this coordinate information in conjunction with a random number generator 120 to generate an encryption key used by screen controller module 100 to encrypt data input by the user into device 10, prior to transmission of data, including the encrypted data, via line 60 to remote device(s) and/or system(s) 50. The output transmission from device 10 is depicted in
Advantageously, the user input data is encrypted by module 100 as soon as the data is received into device 10. Thus even if an unauthorized person took possession of device 10 with the user's data stored within, the data would be unintelligible unless the encryption could somehow be broken, and the encrypted data unencrypted. Preferably absent an encryption-decryption key, generated according to the present invention, a thief gaining physical access to device 10 would not gain meaningful access to encrypted data within the device.
In one embodiment, processor 110 is configured to receive encrypted information from screen controller 220 and process the encrypted information along with the encryption key, generated according to the present invention. As noted, this key is required to successfully decrypt the encrypted information. Processor 110 is also configured to send display data to screen controller 100 housed within display/input screen 20.
As noted, typically the user interacts with device 10 via display/input screen 20, which screen couples to screen controller 100 (x,y) coordinate information as to the locus of user interaction with the screen. To promote overall security of device 10, screen controller 100 modifies this (x,y) coordinate input information and preferably generates a signal proportional to (x,y) for use in generating an encryption-decryption key. Because the (x,y) coordinate input information has intentionally been altered and encrypted, an unauthorized party gaining access to device 10 cannot recover from the device the original, true, (x,y) coordinate information. Thus if a user separately input as a PIN the digits 30642 by “touching” the corresponding virtual or soft keys displayed on device 10 (e.g., see
Thus in
For ease of illustration in FIGS. 3A-1-3B-2, assume that display/input screen 20 is resistive, which is to say that contact upon the screen at various (x,y) coordinate positions is measurable in terms of resistance across the screen, in the x-axis direction and in the y-axis direction. Assume for the sake of convenience that (x,y) positions near the top left of the screen (e.g., near virtual input key “1”) in
Looking at FIG. 3A-2, assume that the total impedance left-to-right across the entire screen 20 in the x-axis is given by the sum of resistance values R1x+R2x. Assume also that the total impedance, top-to-bottom down the entire screen 20 in the y-axis is given by the sum of resistance values R1y+R2y. For ease of understanding
Thus if
In
The randomly generated signal is created by taking the digital output from a random number generator 160 and passing that signal through a digital-to-analog converter 150 to create an analog signal of random amplitude that is summed in adder 140 with Vx out. The resultant signal, denoted V′x(out), represents a masked version of the original (x,y) user interface position upon screen 20. Since V′x(out) has a random component, namely the analog version of the output from the random number generator, a hacker attempting to recreate Vx out (and thus the x-component of the (x,y) user interface on screen 20) has what appears to be a near impossible task. It is understood that adder 140, digital-to-analog converter 150, random number generator 160, resistor R3 and any other associated components are present within electronics 30, depicted in
Consider now the alternative configuration shown in
In various embodiments it can be advantageous to incorporate at least random number generator 160 within screen controller module 100 and/or display/input screen 20. Such configurations promote security of information within transaction device 10. It will be appreciated from the various embodiments that the use of an injected or added noise signal component (which is to say an analog version of a randomly generated digital signal) encrypts the true user interface (x,y) positions across display/input screen 20.
In one embodiment, V′x(out) is coupled to processor 110, along with the randomly generated number used to create the noise component. Given the random number, processor 110 can recapture the original (x,y) user interface positions from the V′x(out) signal.
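The masking and recovery path described above (random number generator 160, digital-to-analog converter 150, adder 140, processor 110) can be modeled in a few lines of Python. This is an added example, not part of the patent: the drive voltage, total resistance, DAC resolution, three-column keypad, the ideal divider model and all function names are assumptions. It also lists which keypad columns stay consistent with a masked reading when the random number is unknown, showing that a plain (non-modular) sum narrows the candidates near the ends of the output range.

```python
import secrets

# All constants below are assumed for illustration; the patent gives no values.
V_REF = 3.3            # drive potential across the x-axis of the screen (volts)
R_TOTAL_X = 1000.0     # R1x + R2x, total x-axis resistance (ohms)
DAC_BITS = 8           # resolution of the digital-to-analog converter
DAC_FULL_SCALE = 3.3   # analog span of the noise component (volts)
KEY_COLUMNS = 3        # soft-keypad columns laid out across the x-axis


def vx_out(x_frac):
    """Ideal divider voltage for a touch at fraction x_frac (0..1) of the width."""
    if not 0.0 <= x_frac <= 1.0:
        raise ValueError("touch position must lie on the screen")
    r1x = x_frac * R_TOTAL_X
    r2x = R_TOTAL_X - r1x
    return V_REF * r1x / (r1x + r2x)


def dac(code):
    """Analog noise amplitude produced for a random digital code."""
    return DAC_FULL_SCALE * code / (2 ** DAC_BITS - 1)


def mask(x_frac, rng=secrets.randbelow):
    """Adder stage: return (V'x(out), code). The code stays inside the device."""
    code = rng(2 ** DAC_BITS)
    return vx_out(x_frac) + dac(code), code


def unmask(v_masked, code):
    """Processor side: remove the known noise component to recover Vx out."""
    return v_masked - dac(code)


def column_of(vx):
    """Map a recovered divider voltage to a keypad column index."""
    return min(int(vx / V_REF * KEY_COLUMNS), KEY_COLUMNS - 1)


def candidate_columns(v_masked):
    """Columns that a party seeing only V'x(out) cannot rule out."""
    found = set()
    for code in range(2 ** DAC_BITS):
        vx = v_masked - dac(code)
        if -1e-9 <= vx <= V_REF + 1e-9:          # must be a physical reading
            found.add(column_of(max(0.0, min(vx, V_REF))))
    return sorted(found)


if __name__ == "__main__":
    masked, code = mask(0.5)                      # constructed touch, mid-screen
    print("masked:", round(masked, 4), "column:", column_of(unmask(masked, code)))
    for v in (0.1, 3.3, 6.5):                     # constructed masked readings
        print(v, "->", candidate_columns(v))
```

In this model a mid-range masked reading is consistent with every column, while readings near 0 V or near the top of the summed range are consistent with only one, so the noise span and the way it is combined matter as much as the randomness itself.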
Looking first at
In the method shown in
Modifications and variations may be made to the disclosed embodiments without departing from the subject and spirit of the invention, as defined by the following claims.
Claims
1. A transaction device for receiving a user input, the transaction device comprising:
- a user-interfaceable surface, coupled to at least one source of electrical potential so as to generate an x-axis signal and a y-axis signal as a function of the at least one source of electrical potential and a location of the user input;
- a signal generating unit generating a random signal; and
- an arithmetic unit generating an encrypted output signal by adding the random signal to at least one of the x-axis signal and the y-axis signal, wherein the adding comprises at least one of (i) combining the random signal with the at least one source of electrical potential and (ii) combining the random signal with the at least one signal, and wherein the signal generating unit comprises:
- a random digital signal generator; and
- a digital-to-analog converter coupled to receive output from the random digital signal generator, wherein an output from the digital-to-analog converter is the random signal.
2. The transaction device of claim 1, wherein the signal generating unit and the arithmetic unit comprise electronic components housed within the transaction device.
3. The transaction device of claim 1, further including:
- a processor;
- a screen controller coupled to the processor and to the user-interfaceable surface;
- wherein the processor reproduces the x-axis signal and the y-axis signal by decrypting the encrypted output signal using the random signal.
4. The transaction device of claim 3, further including:
- an encryption unit encrypting the x-axis signal and the y-axis signal after the processor performs the decryption; and
- a communication interface outputting the encrypted x-axis signal and the encrypted y-axis signal.
5. The transaction device of claim 1, wherein the arithmetic unit directly sums the random signal with the at least one of the x-axis signal and the y-axis signal.
6. The transaction device of claim 1, wherein the arithmetic unit supplements the at least one source of electrical potential by injecting the random signal.
7. The transaction device of claim 1, wherein the user-interfaceable surface is a display-input screen that can output information from the transaction device and can respond to the user input.
8. The transaction device of claim 1, wherein the user-interfaceable surface comprises a material responsive to a change in pressure exerted against the user-interfaceable surface.
9. The transaction device of claim 1, wherein the user-interfaceable surface is responsive to heat transferred to the user-interfaceable surface.
10. The transaction device of claim 1, wherein the user-interfaceable surface is responsive to changes in light incident upon the user-interfaceable surface.
11. The transaction device of claim 1, wherein the user-interfaceable surface is responsive to infrared energy incident upon the user-interfaceable surface.
12. A method of encrypting signals corresponding to locations on a user-interfaceable surface of a transaction device, the method comprising:
- receiving an x-axis signal and a y-axis signal generated as a function of a location of a user input on the user-interfaceable surface;
- generating a random signal; and
- generating an encrypted output signal by adding the random signal to at least one of the x-axis signal and the y-axis signal, wherein the adding comprises at least one of (i) combining the random signal with a source of electrical potential from which the x-axis and y-axis signals are generated and (ii) combining the random signal with the at least one signal, wherein generating the random signal comprises:
- generating a random number; and
- converting the random number to an analog signal used as the random signal.
13. The method of claim 12, wherein the user-interfaceable surface is a display-input screen that can output information from the transaction device and can respond to the user input.
14. The method of claim 12, wherein the method is carried out by electronics disposed within a housing of the transaction device.
15. The method of claim 12, further comprising:
- disposing within a housing of the transaction device electronics carrying out the method;
- the electronics including at least a screen controller and a processor;
- the processor coupled to the screen controller, and the screen controller coupled to the user-interfaceable surface; and
- coupling the encrypted output signal to the processor;
- wherein the processor can decrypt the encrypted output signal.
Type: Grant
Filed: Mar 7, 2003
Date of Patent: Jun 24, 2008
Patent Publication Number: 20040064711
Assignee: Symbol Technologies, Inc. (Holtsville, NY)
Inventors: Llavanya Fernando (San Jose, CA), Nathan C. Wang (San Jose, CA), G.F.R. Sulak Soysa (San Jose, CA)
Primary Examiner: Christopher Revak
Attorney: Fay Kaplun & Marcin, LLP
Application Number: 10/384,010
International Classification: H04L 9/00 (20060101); H04K 1/00 (20060101);